### [CVE-2024-8783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8783)
![](https://img.shields.io/static/v1?label=Product&message=MyAAC&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0.8.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.10%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.11%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.12%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.13%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.14%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.15%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.16%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.5%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.7%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.8%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0.8.9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brightgreen)

### Description

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue.
Es wurde eine problematische Schwachstelle in OpenTibiaBR MyAAC bis 0.8.16 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei system/pages/forum/new_post.php der Komponente Post Reply Handler. Durch die Manipulation des Arguments post_topic mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Der Patch wird als bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

### POC

#### Reference
- https://github.com/opentibiabr/myaac/issues/121

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds